
Cisco Remote access anyconnect VPN

Hi 

We are facing some AnyConnect connection failures in our setup. Need some technical guide where I can get the details of communication from session build to session terminate between AnyConnect client and server.

Or any expert please explain the details over the reply.

This will help me in troubleshooting.

Thanks 

RJI Advisor

Re: Cisco Remote access anyconnect VPN

Hi,
If using SSL/TLS then communication will be using tcp/443 (SSL/TLS) and udp/443 (DTLS) from client to ASA/FTD to establish a tunnel.
If using IPSec, then you will be using udp/500, esp and potentially udp/4500 from client to ASA/FTD to establish a tunnel.

HTH

Re: Cisco Remote access anyconnect VPN

Thanks for reply. Yes, we are using SSL/TLS over tcp 443.
I need complete process details, type of exchange and more.
RJI Advisor

Re: Cisco Remote access anyconnect VPN

The AnyConnect client will build 3 tunnels: Parent, SSL and DTLS. Parent/SSL uses tcp/443; the initial connection is the TCP 3-way handshake followed by the SSL/TLS handshake. The DTLS tunnel (if enabled) uses udp/443, is formed at the end of the connection (after SSL/TLS) and is used for data transfer over the VPN.

The DTLS tunnel is used to avoid latency and bandwidth problems associated with some SSL connections and improves the performance of real-time applications that are sensitive to packet delay. It's optional; if it's not enabled then data is transferred using SSL/TLS instead. DTLS provides the best performance.

Do you actually have an issue you need help with troubleshooting?
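
The port and tunnel mapping described in the replies above can be checked against flow logs. The following is an added example, not part of the original thread and not Cisco code: it classifies each client's flows toward the VPN headend by the transports listed in the replies. The `client proto dport` log format, the function name `classify` and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: "client proto dport" for flows a firewall saw toward the headend.
SAMPLE_FLOWS = """\
198.51.100.10 tcp 443
198.51.100.10 udp 443
198.51.100.20 tcp 443
198.51.100.30 udp 500
198.51.100.30 udp 4500
198.51.100.40 udp 443
"""

def classify(flow_text):
    """Map each client to the tunnel transport its observed flows imply."""
    seen = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # skip blank or malformed lines
        client, proto = parts[0], parts[1].lower()
        port = int(parts[2]) if len(parts) > 2 else None  # ESP carries no port
        seen[client].add((proto, port))

    report = {}
    for client, flows in seen.items():
        tls = ("tcp", 443) in flows    # Parent/SSL tunnel
        dtls = ("udp", 443) in flows   # DTLS data tunnel
        ike = ("udp", 500) in flows    # IPsec negotiation
        natt = ("udp", 4500) in flows  # IPsec NAT traversal
        esp = ("esp", None) in flows
        if tls and dtls:
            report[client] = "ssl: data over DTLS"
        elif tls:
            # Parent/SSL came up but no udp/443: DTLS disabled or blocked on the path.
            report[client] = "ssl: data over TLS (no DTLS)"
        elif dtls:
            # DTLS is formed after the TLS session, so udp/443 alone is unexpected.
            report[client] = "anomaly: udp/443 without tcp/443"
        elif ike and (esp or natt):
            report[client] = "ipsec: NAT-T" if natt else "ipsec: ESP"
        elif ike:
            report[client] = "ipsec: IKE only, no data channel"
        else:
            report[client] = "no VPN flows"
    return report

if __name__ == "__main__":
    for client, verdict in classify(SAMPLE_FLOWS).items():
        print(client, "->", verdict)
```

A client reported as "data over TLS (no DTLS)" still connects, but is a candidate for the latency problems the reply attributes to running without DTLS.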